
Daily Cybersecurity Roundup, July 08, 2025

A new ransomware group is making itself known - loudly and across continents. BERT has been hitting Windows and Linux systems across multiple sectors throughout Asia, Europe, and the U.S., encrypting files and shutting down virtual machines with alarming speed. An SEO poisoning campaign has tricked over 8,500 SMB users into downloading malware disguised as legitimate tools, turning trusted names into delivery vehicles for infection. That contract email may be the front for a deeper breach. Batavia spyware is targeting Russian industrial enterprises using phishing lures. Read on for more.

01

BERT is a newly emerged ransomware group targeting Windows and Linux platforms, with confirmed victims primarily in healthcare, technology, and event services across Asia, Europe, and the U.S.

02

A recent SEO poisoning campaign has targeted over 8,500 small and medium-sized business users by delivering malware disguised as popular tools like PuTTY and WinSCP.

03

Threat actors are using phishing campaigns to distribute links to malicious WordPress sites hosting NetSupport Manager RAT. Malicious JavaScript is injected into compromised websites to manipulate the DOM, display fake CAPTCHA pages, and deliver the payload.

04

A new spyware called Batavia has been targeting Russian industrial enterprises via phishing emails containing links disguised as contract attachments, which download a malicious .VBE file.

05

SAP released critical security updates addressing 27 vulnerabilities across its software portfolio, with seven classified as critical. The most severe, CVE-2025-30012, affects the Live Auction Cockpit component of SAP Supplier Relationship Management.

06

A new XMRig-based cryptojacking campaign leverages LOLBAS techniques and stealthy persistence tactics to mine Monero undetected. The malware disables Windows Update services and masquerades as legitimate nanopool mirrors to avoid detection.

07

CYFIRMA has uncovered a cyber-espionage campaign by APT36 (Transparent Tribe), targeting Indian defense personnel using Linux-based systems, particularly BOSS Linux.

08

A campaign by an initial access broker (IAB), attributed to the group TGR-CRI-0045 (linked to Gold Melody), has been exploiting leaked Machine Keys used in ASP.NET sites to gain unauthorized access to organizations' IIS servers.

09

A massive global fraud campaign has been uncovered involving over 17,000 fake news websites, known as Baiting News Sites, designed to lure users into fraudulent investment schemes. The operation spanned 50 countries.

10

Researchers released proof-of-concept exploits for a critical Citrix NetScaler vulnerability, CVE-2025-5777, known as CitrixBleed2, which can steal user session tokens.
